Not all Android apps are the same: some, even if they are not detected as harmful, can threaten user privacy and collect data of which, often, you are not aware. Many Android apps published in the Google Play Store contain tracked components ( trackers ): some are harmless, but others can pose a risk to your privacy.
Trackers are software components whose main objective is to collect information on the person using the application, how the app is used, and the smartphone on which it is installed. They are generally made available to developers (Android and iOS) in the form of pre-packaged packages ( SDK ). Not all trackers are the same: some are designed to manage application crashes by collecting information on problems that may have arisen, others to understand better the users who use each app ( analytics ).
Other trackers provide tools for user profiling, allowing to store and subsequently analyze as much information as possible about users; others help to identify users, show advertising messages and geolocate client devices. Generally, the developers of the individual applications decide whether to integrate one or more trackers to cover various needs.
In some cases, the goal is to get to know your audience better, while in others, to monetize the data collected by transferring it to third parties (who use it for business purposes and resell it to others). In the GDPR era, these treatments should be less common and more complicated to implement because users must be promptly informed about the nature and purpose of collecting personal data.
Yet, as confirmed on the Exodus Privacy website, a French non-profit organization that checks the behavior of Android apps and detects the presence of trackers, the situation has become even more complex today. While the Authorities tend to focus a lot on the data processing carried out by website managers, what has been happening for some time in the world of apps for mobile devices appears like a real jungle within which many of the activities are carried out and, therefore a large part of the transfers put in place appear almost inscrutable.
Analyzing the behavior of an Android app is, at least for “mere mortals”, rather complicated. In the article Blocking Android apps with a firewall and checking those that track users, and the following article Android app Internet access and use of the data connection: how to set them, we saw how an application such asNetGuard could be used to prevent data transfers by various apps.
In many cases, blocking all outgoing traffic produced by a specific Android app risks compromising its functionality. Therefore, a good approach to evaluating an app’s behavior is to check which permissions it uses and ask why, for example, it exploits some of them that are not strictly necessary: Android apps are dangerous for security and privacy.
Even a scan of the apps installed with an antivirus application for Android (provided it is known and universally appreciated) – see the article Android antivirus: no, it’s not useless for some suggestions – it helps a lot in identifying potentially dangerous applications. Yes, because some Android apps may appear harmless (therefore do not contain any malware) like most of those published on the Google Play Store – but still host trackers that are dangerous for user privacy.
Experts from the Exodus Privacy project claim to have found Android apps with more than 30 built-in trackers. Additionally, in more than 37,000 Android apps scrutinized from the Google Play Store, Exodus Privacy identified nearly 160 different trackers.
We also point out the case of Android apps published on the Play Store that start installing malware and exposing the smartphone to remote attack risks: Some Android apps published on the Play Store downloaded malware onto devices. Developers sometimes need to be better aware of the nature of the trackers they put into their Android apps.
By not paying particular attention to the behavior of each third-party software object, the tracker could, for example, extract the complete address book or a list of installed apps and send them to remote servers, in most cases outside the borders of the European Union. In combination with other fragments of data collected by trackers (we often speak, wrongly, of information collected anonymously), third parties can trace the identity of individual users and compose a social network with information on colleagues and acquaintances.
Also Read: CIDManager On Android – What Is It & How CIDManager To Stop It?
How To Find Out The Behavior Of Installed Android Apps And Check For Any Trackers
To check whether or not an Android app uses any trackers, you need to decompile them. However, most developers prohibit any reverse engineering activity: the Exodus Privacy project uses a little trick that takes advantage of the Android peculiarity to list some details related to the “behind the scenes” of the applications.
An APK is a Zip file that houses information on the application layout and the so-called DEX files, which contain only the part of the app written in Java or Kotlin and the libraries used. These files hold the names of all the classes the Android app uses in clear text, including the names of the included libraries. These elements allow you to quickly conclude the nature and behavior of your Android app without looking closely at the code.
To automate the analysis of Android apps for trackers and overly broad permissions used by applications installed on your devices, you can install Exodus Privacy . For each app installed on the Android device, Exodus Privacy indicates the number of trackers that have been detected and the permissions requested.
With Exodus Privacy, it is possible to obtain valuable information on Android apps even before their installation: the project uses the thedexdump command (see below) and manages a rich database with details on each application. Just visit the Exodus Privacy homepage and type the name of the Android app you want to check into the Application name box.
You can also type the unique identifier of the app that appears in the address bar by visiting the corresponding page on the Google Play Store. On the next page, you can verify the trackers that may be present (together with their identity) and the requested permissions. By clicking on the tracker’s name, it is possible to learn more and learn about the subjects who manage the data collection.
Analyze Android App Behaviour With Dexdump
We said that Exodus bases its operation on the Dexdump tool: made by Google, which allows you to scan APK files . We tried to use Dexdump from a Linux Debian system by starting the installation of the tool with the following command: Sudo apt-get install dexdump -y Dexdump installation can also be requested in a WSL Ubuntu virtual machine created with Windows 10: Linux in Windows: how, when and why to use it.
Assuming you already have the APK file of the Android app you want to examine (see also App backup on Android: how to do it ), type dexdump appname.apk | grep “Class descriptor” | sort | uniq This way, you will get the complete list of classes used in the Android application. The class name (” Class descriptor “) helps to understand whether potentially dangerous trackers were present at a glance. More information about installed Android apps can be found on the AppBrain site.
Read Also: What Are The Best Web Browsers In 2023?